I came across hackarmoury for the first time a few weeks ago, I think it's got a good collection of tools and a great source for showing some of the breadth and depth of available tools that you might not know are available for specific tasks.

BUT, from my testing (completely non-scientific) I found many of the tools available to be behind the latest vendor version and I'm always nervous about getting tools from source (see Download's bundling of nmap with malware last year for an example).

Personally I'll still be taking my tools from source, or at least 'trusted' repos.

Jamie.R wrote:I agree with Andrew, I perfer to go to the original site and download the tool most site also have md5 checksum so you can make sure its not been tampered with.

This is usually the path I would take as well. However, it’s also worth mentioning that an MD5 checksum still doesn’t necessarily mean something is safe. You’d still need to analyse the tool to ensure it’s behaving as advertised and that no hidden nasty extras were included by the original author.